Speaking is (former) Highberg employee Christ Reniers, information security and risk management consultant. He was hired in 2013 by healthcare institution Triade to make their organization demonstrably in control in the field of information security, with the ultimate goal of NEN7510 certification: the Dutch standard for information security at healthcare institutions. Reniers: “You see that the decentralized government is making more and more demands in terms of laws and regulations. Anticipating this, Highberg wanted to identify all risks related to information security and take appropriate measures to ensure that as little could go wrong as possible.”
Golden rules
Using a quick scan, Highberg looked at what was in order, what was not and where the biggest gaps were. Reniers: “You have to get people to think in terms of risks and take action on them. It’s a change of mindset. That is sometimes difficult. A care institution like Triade has a central office and, in addition, about a hundred locations for clients, ranging from homes to residential complexes and day care. Almost every location has great independence, so how do you coordinate that with key and access management, for example? Can you come up with something generic for that? How do you control access to care or financial information? And is that information all correct?”
To create support on the shop floor for optimizing information security, Highberg introduced Golden Rules. Reniers: “The rules range from ‘Lock your computer’ and ‘Don’t discuss your clients in public’ to ‘Deal carefully with social media in relation to your clients’ Within a short time everyone knew these rules by heart and-not unimportantly-followed them. Together with the overall change process initiated by Highberg, this led to Triade successfully passing the audit at the end of last year and obtaining the NEN7510 certificate. An achievement that both Triade and Highberg are proud of.
“The beauty of working for healthcare institutions is that you directly contribute to a better society,” explains Reniers. “We help healthcare institutions not only handle client information securely, but also provide correct, complete and reliable information. This ensures that clients get the care they need. For the client’s constituents, it is important that they can be confident that their loved one is receiving proper care and their information is being handled properly. It increases the sense of security in every way.”
Want to learn more about this assignment or the topic of information security in healthcare? Please get in touch with Steven Debets.
